Hi everyone
Thanks for all the advice on buying a domain. Its a big week for me. Getting on grapheneos, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.
My original plan was to one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with cloudflare. Its a lot more money than I had planned but all the security features are baked in and I feel that’s worth the extra money.
Here are my questions. I use the latest version of truenas community
- How do I connect my domain to my server apps? I’ve got a series of apps I’d love to he able to access without tailscale and solely use the domain.
- I have heard the term DNS a million times but don’t really understand it. What do.I need to know about DNS to keep security up and stay protected
- I’d like to let family access my media server, are there any considerations I need to make?
- How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?
Thank you for any advice


This. Do not expose any service to the internet or even LAN. All clients need to connect via VPN to your machine, no matter if from LAN/home or on the road (WAN/Internet). You can still use a reverse proxy and custom domain names so inside the VPN network everything is HTTPS and each service has a nice domain name.
This seems a bit extreme to me. I have services exposed to the Internet, with reverse proxy and auth.
I think it’s good advice for beginners. If you’re inside a VPN you get a little more breathing room to figure out how to properly provision and wire up your services without having do deal with all the security and scaling concerns that can come from public hosting. Also, new hosters are really likely to set up their reverse proxy and not patch it and leave it open to known vulnerabilities that get exploited months or years down the line… not that that ever happened to me…
Anyway, I think inside a VPN is a good way to get your feet wet. Setting up a public website is fun but I wouldn’t advise it as a first step.
For a personal website, just point the main domain or one subdomain at something like github pages or another static site hoster and start forwarding email to their regular email. Zero maintenance to start and cost. Grow from there.
How can I force https on my apps
Sounds like you may be really starting from scratch on your learning. It would be best to work entirely inside a VPN like tailscale for complex apps like jellyfin if you want them. You can set up https, but there’s no harm either way. You might not use your own domain right away inside your VPN, but you will a little down the road. You will get annoyed with using IP addresses for your services and set up an internal DNS server eventually. You can safely experiment and make mistakes inside your tailnet.
For learning to set up an open Internet exposed service, use a completely isolated, dedicated computer (maybe a raspberry pi on a demilitarised zone of your internet router or better yet a $5 VPS on someone else’s network). Then read up on hosting a “static website” with either ngnix or Caddy. I prefer the latter because one short config file can set everything up for https and take care of the certificates for you. This can eventually become the gateway into your other services from the open Internet, but do not do that from the start, just a simple personal website. This will require learning a little Linux system admin, SSH (read up on key based authentication so you can disable password authentication in SSH), remote file management, and configuring a webserver, DNS, and certificates. Lots to learn.
Because it is just hosting static webpages, theres almost no risk of it being hacked and used maliciously if you misconfigrure something or forget to patch it. Static sites are awesome nowadays anyway, though, you don’t even really need a fancy site generator to get started, just some simple HTML files. A fun and easy project is a hand written list of your favourite web links and then set your browser’s new tab page to it. Instantly useful and fully under your control.
I actually envy your spot on your learning journey. It was such a rewarding experience for me to do all the above.